US is the most vulnerable nation to attacks; White House working on executive order for agency CIOs
Enterprises are not the only ones at risk when it comes to cyberattacks. Government institutions can also fall victim to a nation-state attack at any time. Digital frameworks are still very vulnerable and, quite surprisingly, the US has been declared the most vulnerable nation by Rob Knake, the official in charge of the country’s cybersecurity policy during Barack Obama’s administration.
“We are going to be less reactive to incoming cyberattacks because we have more to lose and we’re in a democratic society that is going to force government to take certain responses,” Knake said at the Council on Foreign Relations. “That’s not true of China, Russia, Iran or North Korea.”
While the Obama administration allegedly carried out the famous Stuxnet attack on Iran’s nuclear program, it has been accused of introducing a rather laid-back approach to cyber policy. The Donald Trump administration wants to release an executive order to redefine the role of agency CIOs, as part of an IT modernization strategy.
The bizarre twist is that the executive order they’re working on will not include CIO authorities in the Defense Department, although Congress has been pushing to redefine CIO authority and responsibilities to make them more strategic and aggressive. According to the Defense Authorization Bill signed this year by President Donald Trump, the CIO has to be appointed by the president and confirmed by the Senate. It’s still unclear why the Defense Department has not been included.
Former officials have anonymously commented on the executive order which, in their opinion, brings few additions to other plans that have been presented in the past 15 years.
By enforcing the executive order, the administration’s goal is to enhance “the management and oversight of federal IT by designating the chief information officer of each covered agency as the primary point of responsibility and accountability for management of IT resources within that agency. The agency chief information officer should be the key strategic advisor to the agency head concerning the use of IT to accomplish the agency’s mission, reduce cybersecurity risks, and improve efficiency,” the draft EO states.
“Consistent with statute, the agency chief information officer should play a central role in all annual and multi-year planning, programming, budgeting, acquisition, and oversight processes related to IT. As such, the agency chief information officer should establish an enterprise wide technology roadmap and govern its execution. This requires the latitude to operate across agency component organizations and to drive the enterprise wide consolidation and modernization of the agency’s IT portfolio.”